Updated imagemagick package fixes security vulnerabilities
Publication date: 21 Feb 2014
Modification date: 21 Feb 2014
Type: security
Affected Mageia releases: 3, 4
CVE: CVE-2014-1958, CVE-2014-2030
Description
A buffer overflow flaw was found in the way ImageMagick handled PSD images that use RLE encoding. An attacker could create a malicious PSD image file that, when opened in ImageMagick, would cause ImageMagick to crash or, potentially, execute arbitrary code with the privileges of the user running ImageMagick (CVE-2014-1958).
A buffer overflow flaw was found in the way ImageMagick writes PSD images when the input data has a large number of unlabeled layers (CVE-2014-2030).
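PSD's RLE compression is the PackBits scheme. The added example below is not ImageMagick's code and not the fix for CVE-2014-1958, whose exact defect this advisory does not detail. It shows a decoder that checks every run against the remaining input and output space, which is the general guard against this class of overflow. The function name `packbits_decode` and the sample rows are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample rows (not taken from any real PSD file). */
static const uint8_t good_row[]  = { 0xFE, 0xAA, 0x02, 0x01, 0x02, 0x03 }; /* 3 x AA, 3 literals */
static const uint8_t long_run[]  = { 0x81, 0x41 };  /* claims a 128-byte repeat */
static const uint8_t short_lit[] = { 0x05, 0x01 };  /* claims 6 literals, has 1 */
static uint8_t row[6];                               /* one decoded scanline */

/* Decode one PackBits row from in[0..in_len) into out[0..out_len).
 * Returns bytes written, or -1 if the input is truncated or a run
 * would write past the end of the output buffer. */
long packbits_decode(const uint8_t *in, size_t in_len,
                     uint8_t *out, size_t out_len)
{
    size_t ip = 0, op = 0;

    while (ip < in_len && op < out_len) {
        uint8_t c = in[ip++];           /* control byte */
        size_t count;

        if (c == 128)                   /* no-op in PackBits */
            continue;
        if (c < 128) {                  /* literal run: copy c+1 bytes */
            count = (size_t)c + 1;
            if (count > in_len - ip || count > out_len - op)
                return -1;              /* run exceeds input or output */
            for (size_t i = 0; i < count; i++)
                out[op++] = in[ip++];
        } else {                        /* repeat run: next byte 257-c times */
            count = (size_t)(257 - c);
            if (ip >= in_len || count > out_len - op)
                return -1;              /* missing value byte or run too long */
            for (size_t i = 0; i < count; i++)
                out[op++] = in[ip];
            ip++;
        }
    }
    return (long)op;
}

int main(void)
{
    printf("good row:      %ld\n", packbits_decode(good_row, sizeof good_row, row, sizeof row));
    printf("oversized run: %ld\n", packbits_decode(long_run, sizeof long_run, row, sizeof row));
    printf("short literal: %ld\n", packbits_decode(short_lit, sizeof short_lit, row, sizeof row));
    return 0;
}
```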
References
- https://bugs.mageia.org/show_bug.cgi?id=12742
- http://secunia.com/advisories/56844/
- https://bugzilla.redhat.com/show_bug.cgi?id=1067276
- https://bugzilla.redhat.com/show_bug.cgi?id=1064098
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1958
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2030
SRPMS
3/core
- imagemagick-6.8.1.1-2.1.mga3
4/core
- imagemagick-6.8.7.0-2.1.mga4